Sky Mavis, the company behind the play-to-earn game Axie Infinity, said it is looking to become a “zero-trust organization” in the wake of last month’s $600 million attack on the Ronin network.
This refers to a security stance in which the team will constantly scan for new threats that may be targeting the game’s creator Sky Mavis, the team said in a new post-mortem report published Wednesday.
“Our goal is to become a fully antifragile, zero-trust organization. Zero-trust is a framework that assumes that Sky Mavis is always at risk to external and internal threats,” the report said.
The report recalled the March 23 attack during which hackers stole more than 173,600 ether and 25.5 million USDC hackers from its Ethereum-connected bridge. The overall loss amounted to more than $600 million and made it one of the biggest crypto hacks to date.
These hackers were later identified as the North-Korean hacking entity known as Lazarus Group.
Ronin to have 100 validator nodes
The Ronin team is now focused on redesigning its still-closed cross-chain bridge and increasing the number of validators — entities that play part in verifying transactions. At the time of the security breach, the sidechain had nine validator nodes.
The attackers took control over four of the total nine validators. First, they stole four validator keys controlled by Sky Mavis. Yet another validator — belonging to Axie DAO — was compromised through a “gas-free signature”. After this, the hacking group attained a majority control (5/9 validators) and had the ability to make illegitimate fund transfers from Ronin’s bridge on Ethereum.
As revealed in the Wednesday update, Sky Mavis is planning to expand the total validator nodes to 21 in the next three months, and target having more than 100 nodes in the long run to strengthen the sidechain security.
In recent weeks, Sky Mavis said it conducted internal surveillance checks in collaboration with two cybersecurity firms — CrowdStrike and Polaris Infosec. It also announced a bug bounty of over $1 million for ethical hackers who can find vulnerabilities in its code.
As far as Sky Mavis goes, it raised $150 million from a group of investors, including crypto exchange Binance and VC firms a16z and Paradigm, as part of its efforts to reimburse affected users.